feat(helm): Valkey: use dedicated service account #14217
Merged
mtesauro merged 1 commit into DefectDojo:dev, Feb 4, 2026
fb78f44 to 657d2e4
valentijnscholten approved these changes, Jan 30, 2026
Maffooch approved these changes, Feb 2, 2026
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
657d2e4 to 2b1fab8
Conflicts have been resolved. A maintainer will review the pull request shortly.
Jino-T approved these changes, Feb 3, 2026
valentijnscholten pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request, Feb 5, 2026
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
fopina pushed a commit to fopina/django-DefectDojo that referenced this pull request, Feb 16, 2026
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
mtesauro added a commit that referenced this pull request, Feb 17, 2026
* Update dependency @tabler/icons from 3.36.0 to v3.36.1 (docs/package.json) (#14023)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump celery from 5.6.0 to 5.6.1 (#14005)
Bumps [celery](https://github.com/celery/celery) from 5.6.0 to 5.6.1.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.6.0...v5.6.1)
---
updated-dependencies:
- dependency-name: celery
dependency-version: 5.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) (#14008)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix: remove unnecessary blank line in sanitize_vulnerability_ids function
* Update versions in application files
* use celery[sqs] bundle (#14004)
* Update versions in application files
* Update versions in application files
* announcements: catch exceptions
* chore(deps): bump django-polymorphic from 4.5.2 to 4.6.0 (#14030)
Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.5.2 to 4.6.0.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-polymorphic/compare/v4.5.2...v4.6.0)
---
updated-dependencies:
- dependency-name: django-polymorphic
dependency-version: 4.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update migration notes for django-pghistory (#14043)
Clarify the migration process for django-pghistory tables.
* fix front matter in PingCastle docs (#14036)
* :lipstick: Add output description reference to google cloud artifactory scan (#14038)
* remove dojo_model_to/from_id decorator (#13984)
* remove dojo_model_to/from_id decorator
* remove dojo_model_from/to_id
* remove dojo_model_from/to_id
* remove dojo_model_from/to_id
* remove dojo_model_from/to_id
* fix tests
* remove leftover signature methods
* fix test counts
* fix test counts
* fix test counts
* Update dojo/settings/settings.dist.py
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* fix test
---------
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* ReadMe Updates - New Community Portal (#14042)
* Revise README for Docker Compose V2 updates
Updated README to reflect changes for Docker Compose V2 and removed outdated V1 instructions.
* Revise demo links and installation options in README
Updated demo environment description and installation options.
* Fix Slack community link and improve wording
Updated Slack community link and adjusted text for clarity.
* Revise social media links and Slack community invitation
Updated social media links and community invitation text.
* Add files via upload
* Update Slack logo link and Twitter image source
* Update image sources in README.md
* Fix image height in Community section of README
* Add files via upload
* Update image height in README.md
* Revise community portal and Pro edition details
Updated community engagement links and enhanced Pro edition description.
* Fix formatting in installation options section
* Update README.md
* Update README.md
---------
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Update .gitignore
* chore(deps): bump django-dbbackup from 5.1.0 to 5.1.1 (#14062)
Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/Archmonger/django-dbbackup/releases)
- [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.1.0...5.1.1)
---
updated-dependencies:
- dependency-name: django-dbbackup
dependency-version: 5.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump django-polymorphic from 4.6.0 to 4.8.0 (#14060)
Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.6.0 to 4.8.0.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-polymorphic/compare/v4.6.0...v4.8.0)
---
updated-dependencies:
- dependency-name: django-polymorphic
dependency-version: 4.8.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump urllib3 from 2.6.2 to 2.6.3 (#14059)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.6.2...2.6.3)
---
updated-dependencies:
- dependency-name: urllib3
dependency-version: 2.6.3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update mccutchen/go-httpbin docker tag from 2.19.0 to v2.20.0 (docker-compose.override.dev.yml) (#14057)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump pdfmake from 0.3.0 to 0.3.1 in /components (#14055)
Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.3.0...0.3.1)
---
updated-dependencies:
- dependency-name: pdfmake
dependency-version: 0.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* :bug: Fix multiple google cloud artifact scan bugs (#14052)
* :bug: Fix multiple google cloud artifact scan bugs
* update
* chore(deps): bump celery[sqs] from 5.6.1 to 5.6.2 (#14039)
Bumps [celery[sqs]](https://github.com/celery/celery) from 5.6.1 to 5.6.2.
- [Release notes](https://github.com/celery/celery/releases)
- [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst)
- [Commits](https://github.com/celery/celery/compare/v5.6.1...v5.6.2)
---
updated-dependencies:
- dependency-name: celery[sqs]
dependency-version: 5.6.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* :lipstick: Refactor multiple scan results (#14046)
* reordered-jira-alert-description (#14058)
* [docs] pro release notes 2.54.0 (#14047)
* update changelog headings
* update changelog
---------
Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
* chore(deps): update dependency vite from 7.3.0 to v7.3.1 (docs/package.json) (#14053)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* :tada: Advance Google Cloud Artifact Scan to parse vulnid
* :tada: Implement Cloudflare insights parser
* .
* Update dojo/tools/cloudflare_insights/parser.py
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
* fix: update redis/valkey comment (#13858)
* fix: update redis/valkey comment
* feat(ci): additional comment updates
---------
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
* Product Grade: Configuration Removal (#14075)
* Remove product grade configuration and related management command
* Remove product_grade field from system_settings model
* Update expected query counts in performance tests for importer
* Update versions in application files
* Update versions in application files
* Update versions in application files
* Update expected query counts in performance tests for importers
* chore(deps): update dependency renovatebot/renovate from 42.71.0 to v42.80.1 (.github/workflows/renovate.yaml) (#14070)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Remove unused asteval dependency (#14079)
- Remove asteval from requirements.txt as it's not used in the codebase
- Remove asteval license notice from NOTICE file
- No Python code imports or uses asteval
* :bug: fix Nonetype in nuclei #14071 (#14072)
* chore(deps): bump pdfmake from 0.3.1 to 0.3.2 in /components (#14074)
Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.3.1...0.3.2)
---
updated-dependencies:
- dependency-name: pdfmake
dependency-version: 0.3.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Asset/Organizations Endpoints: Patches, permission checking, and API tests (#14080)
* Update AssetSerializer fields to allow null values and set defaults
* Refactor authorization functions to use type hints for better clarity and maintainability
* Enhance permission checks to support multiple primary key attributes in post requests
* Refactor check_post_permission to use list type for post_pk parameter
* Refactor Organization serializers to handle default values for critical and key assets, and update OrganizationViewSet to use OrganizationFilterSet for filtering.
* Refactor API tests to include asset and organization endpoints, enhancing coverage for asset-related functionalities.
* Refactor permission classes to use asset and organization-specific permissions, enhancing clarity and maintainability.
* Add blank line before UserHasOrganizationGroupPermission class for improved readability
* Add Report Builder submenu and improve form validation error messages (#14068)
- Add explicit 'Report Builder' submenu item under Reports menu for better UX
- Improve form validation error messages to show which specific fields are missing
- Fix trailing whitespace in Finding Groups menu item
* :arrow_up: Bump ruff from 0.14.10 to 0.14.11 (#14066)
* Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) (#14083)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency yamllint from 1.37.1 to v1.38.0 (.github/workflows/test-helm-chart.yml) (#14084)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency node from 24.12.0 to v24.13.0 (.github/workflows/validate_docs_build.yml) (#14086)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update valkey Docker tag from 0.13.0 to v0.15.0 (helm/defectdojo/Chart.yaml) (#14099)
* Update valkey Docker tag from 0.13.0 to v0.15.0 (helm/defectdojo/Chart.yaml)
* update Helm documentation
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Update dependency prettier from 3.7.4 to v3.8.0 (docs/package.json) (#14091)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Refactor note fetching logic to improve permission checks and reduce code duplication (#14081)
* Enforce readonly name field for Test_Type instances and add dynamic serializer selection (#14090)
* Enforce readonly name field for existing Test_Type instances in form
* Add TestTypeCreateSerializer and enforce readonly name field in TestTypeSerializer
* Add dynamic serializer selection in TestTypesViewSet for create action
* Update test payload to set 'active' field instead of 'name'
* Update TestTypeTest payload to use 'name' and modify update_fields to 'active'
* Add test to verify 'name' field is read-only in TestType
* Update actions/setup-node action from v6.1.0 to v6.2.0 (.github/workflows/validate_docs_build.yml) (#14092)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Import/Reimport: Push to jira when findings are not grouped
* Add unit tests
* chore(deps): bump django-dbbackup from 5.1.1 to 5.1.2 (#14094)
Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/Archmonger/django-dbbackup/releases)
- [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.1.1...5.1.2)
---
updated-dependencies:
- dependency-name: django-dbbackup
dependency-version: 5.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update styfle/cancel-workflow-action action from 0.12.1 to v0.13.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#14093)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Try more recordings?
* Update suzuki-shunsuke/github-action-renovate-config-validator action from v1.1.1 to v2 (.github/workflows/renovate.yaml) (#14102)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* 💄 ssl labs json files reformat (#14106)
* :lipstick: Refactor ssl_labs json file
* more
* chore(deps): update actions/cache action from v5.0.1 to v5.0.2 (.github/workflows/validate_docs_build.yml) (#14108)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* :tada: Implement json part for Cloudflare insights parser (#14096)
* Consolidation of Template Tags: Make a single use case reusable, and use in report disclaimers (#14098)
* Add additional fields to AssetSerializer (#14109)
* Add additional fields to AssetSerializer for business criticality, platform, lifecycle, and origin
* Correct some filters too
* Fix Content-Type header bugs in file downloads and MIME type handling (#14124)
Fixes #14118
This commit fixes multiple bugs related to MIME type handling in file downloads:
1. Fixed tuple-as-string bug where mimetypes.guess_type() was used directly
in f-strings, resulting in invalid Content-Type headers like
"('image/png', None)" instead of "image/png"
2. Added fallback to "application/octet-stream" when MIME type cannot be
determined (when guess_type returns None)
3. Fixed incorrect content type for JSON exports (was "json" instead of
"application/json")
4. Fixed potential AttributeError crash in inline_image template tag when
guess_type returns None and code attempted to call .startswith() on None
Files changed:
- dojo/api_v2/views.py: Risk acceptance file download (API endpoint)
- dojo/utils.py: Generic file response helper function
- dojo/finding/views.py: Finding image downloads and JSON template export
- dojo/engagement/views.py: Risk acceptance proof downloads
- dojo/templatetags/display_tags.py: Inline image template tag
All file downloads now properly set Content-Type headers with appropriate
fallbacks for unknown file types.
* fix bleach memory leak & simplify git commit hash checker (#14117)
* commit hash footer: disable in production mode
* memory leak: fix bleach usage
* simplify git commit hash check
* improve git commit detection
* cleanup
* prettify sample scan files (#14113)
* prettify sample scan files
* prettify sample scan files
* tags from parser: fix parsers, add tests and fallback (#14111)
* tags from parser: fix parsers, add tests and fallback
* fix tag merge
* comments
* Update versions in application files
* chore(deps): update release-drafter/release-drafter action from v6.1.0 to v6.1.1 (.github/workflows/release-drafter.yml) (#14126)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump pdfmake from 0.3.2 to 0.3.3 in /components (#14122)
Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.3.2...0.3.3)
---
updated-dependencies:
- dependency-name: pdfmake
dependency-version: 0.3.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update openapitools/openapi-generator-cli Docker tag from v7.18.0 to v7.19.0 (Dockerfile.integration-tests-debian) (#14121)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update losisin/helm-values-schema-json-action action from v2.3.2 to v2.4.1 (.github/workflows/test-helm-chart.yml) (#14115)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update losisin/helm-docs-github-action action from v1.6.2 to v1.7.1 (.github/workflows/test-helm-chart.yml) (#14114)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency renovatebot/renovate from 42.80.1 to v42.85.8 (.github/workflows/renovate.yaml) (#14112)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) (#14110)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update versions in application files
* Update versions in application files
* :tada: add Trivy misconfiguration fields #14136
* Fix risk-accepted findings not being closed when vulnerability is fixed (#14125)
Fixes #10769
When a finding is risk-accepted and the underlying vulnerability is subsequently fixed (no longer appears in scan reports), the import/reimport process was failing to properly close these findings. This occurred because:
1. DefaultImporter.close_old_findings() only queried for active=True findings, missing risk-accepted findings which have active=False
2. BaseImporter.mitigate_finding() did not remove the risk_accepted status when closing findings
Changes:
- Modified DefaultImporter.close_old_findings() to include risk-accepted findings in the query (Q(active=True) | Q(risk_accepted=True))
- Added risk_unaccept() call in BaseImporter.mitigate_finding() to remove risk acceptance when findings are closed
- Added comprehensive unit tests covering both scenarios:
* Risk-accepted findings that are no longer in scan reports (should be closed and risk acceptance removed)
* Risk-accepted findings that are still in scan reports (should remain risk-accepted)
The fix ensures that when a previously risk-accepted vulnerability is genuinely fixed, the finding status accurately reflects this by being mitigated and having the risk acceptance removed.
* feat: Add pghistory tracking for tag fields (#14116)
* pghistory: add tag tracking + ui improvements
* simplify ui strings
* simplify ui strings
* move logic
* display reviewers names
* add ui elements properly
* catch and log errors
* catch and log errors
* fix(deps): update dependency @docsearch/css from 4.4.0 to v4.5.3 (docs/package.json) (#14128)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency django-debug-toolbar from 6.1.0 to v6.2.0 (requirements-dev.txt) (#14132)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update valkey docker tag from 0.15.0 to v0.15.1 (helm/defectdojo/chart.yaml) (#14131)
* chore(deps): update valkey docker tag from 0.15.0 to v0.15.1 (helm/defectdojo/chart.yaml)
* update Helm documentation
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.nginx-alpine) (#13996)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* update
* pro changelog: jan21 (#14144)
* update changelog 2.54.1/2
* quick fix
Removed note about no significant UX changes from changelog.
* Update file upload field to accept dynamic file types and add validation for supported extensions (#14143)
* chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.11 to v1.37.12 (helm/defectdojo/values.yaml) (#14135)
* chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.11 to v1.37.12 (helm/defectdojo/values.yaml)
* update Helm documentation
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* chore(deps): bump setuptools from 80.9.0 to 80.10.1 (#14138)
Bumps [setuptools](https://github.com/pypa/setuptools) from 80.9.0 to 80.10.1.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v80.9.0...v80.10.1)
---
updated-dependencies:
- dependency-name: setuptools
dependency-version: 80.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update dependency prettier from 3.8.0 to v3.8.1 (docs/package.json) (#14141)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update peter-evans/create-pull-request action from v8.0.0 to v8.1.0 (.github/workflows/update-sample-data.yml) (#14142)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update actions/setup-python action from v6.1.0 to v6.2.0 (.github/workflows/test-helm-chart.yml) (#14146)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump markdown from 3.10 to 3.10.1 (#14147)
Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.10 to 3.10.1.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.10.0...3.10.1)
---
updated-dependencies:
- dependency-name: markdown
dependency-version: 3.10.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sqlalchemy from 2.0.45 to 2.0.46 (#14148)
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.45 to 2.0.46.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy
dependency-version: 2.0.46
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update release-drafter/release-drafter action from v6.1.1 to v6.2.0 (.github/workflows/release-drafter.yml) (#14149)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update actions/checkout action from v6.0.1 to v6.0.2 (.github/workflows/validate_docs_build.yml) (#14150)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump ruff from 0.14.11 to 0.14.14 (#14152)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.11 to 0.14.14.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.11...0.14.14)
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.14.14
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vulners from 3.1.3 to 3.1.5 (#14153)
Bumps vulners from 3.1.3 to 3.1.5.
---
updated-dependencies:
- dependency-name: vulners
dependency-version: 3.1.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(deps): update dependency thulite from 2.6.3 to v2.6.4 (docs/package.json) (#14154)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(deps): update dependency @docsearch/js from 4.4.0 to v4.5.3 (docs/package.json) (#14129)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Revert "Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.nginx-alpine) (#13996)" (#14158)
This reverts commit 1a61804140a41ba44ee69a1de5a5e5b20e21bdc8.
* Update dependency renovatebot/renovate from 42.85.8 to v42.92.5 (.github/workflows/renovate.yaml) (#14159)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Add Permissions-Policy header settings and corresponding tests (#14156)
* Update versions in application files
* Change pghistory backfill log level from ERROR to DEBUG for missing event tables (#14151)
When migration 0250 runs before migration 0256 creates the tags event tables,
it logs ERROR messages for missing tables. These are expected during migration
sequencing and should be DEBUG level instead.
Changes:
- Update auditlog.py to log at DEBUG level when event tables don't exist
- Update progress_callback functions in migrations 0250 and 0257 to handle DEBUG level
* Add django-linear-migrations for linear migration history (#14145)
* start using django-linear-migrations
* simplify readme
* Update versions in application files
* Update versions in application files
* chore(deps): bump setuptools from 80.10.1 to 80.10.2 (#14163)
Bumps [setuptools](https://github.com/pypa/setuptools) from 80.10.1 to 80.10.2.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v80.10.1...v80.10.2)
---
updated-dependencies:
- dependency-name: setuptools
dependency-version: 80.10.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Refactor engagement and risk acceptance permissions (#14155)
* Refactor engagement permissions: introduce BaseRelatedObjectPermission and update related views
* Refactor permission classes for risk acceptance and findings in views
* Refactor permission classes: introduce UserHasDevelopmentEnvironmentPermission, UserHasRegulationPermission, and UserHasSLAPermission; update views accordingly
* Refactor BaseDjangoModelPermission: short circuit permission evaluation for unsupported request methods
* Refactor RiskAcceptanceViewSet: simplify download_proof method by moving permission_classes to the decorator
* Add global role fixture and enhance test setup for permissions
* Refactor test setup in BaseClass: consolidate user authentication logic into a reusable method
* Create new user rather than hijacking an existing one
* More user fun :)
* :bug: Fix "Test Type" filter dropdown includes inactive test types #14161 (#14166)
* :bug: No filter by "Test name" in the findings list for all products #14162 (#14167)
* authorizations: optimize queries & cache data per request (#13989)
* authorizations: add test cases
* authorizations: use subqueries instead of exists
* fix metrics test
* authorizations: cache results per requests if possible
* fix metrics callers
* add upgrade note
* Update performance test counts after merge
Updated expected query and async task counts using update_performance_test_counts.py script.
Most tests show improvements with slight reductions in queries/tasks.
Product grading tests show small increases due to upstream changes in grading logic.
All tests verified passing.
* Enhance risk acceptance authorization by checking global permissions when no engagements are found (#14174)
* feat(async): Drop args from async_dupe_delete (#14171)
* Update dependency @thulite/inline-svg from 1.2.1 to v1.2.2 (docs/package.json) (#14182)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update valkey Docker tag from 0.15.1 to v0.15.2 (helm/defectdojo/Chart.yaml) (#14175)
* Update valkey Docker tag from 0.15.1 to v0.15.2 (helm/defectdojo/Chart.yaml)
* update Helm documentation
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix(deps): update dependency @thulite/images from 3.3.3 to v3.3.4 (docs/package.json) (#14181)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* fix(async): watchmedo was installed incorrectly (#14183)
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* feat(async): Show number of tasks waiting in queue (#14180)
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* feat(async): Set "expires" for regular tasks (#14172)
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* fix(deps): update dependency @thulite/seo from 2.4.2 to v2.4.3 (docs/package.json) (#14184)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#14187)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update python:3.13.11-alpine3.22 Docker digest from 3.13.11 to v (Dockerfile.nginx-alpine) (#14188)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump python-gitlab from 7.1.0 to 8.0.0 (#14189)
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 7.1.0 to 8.0.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v7.1.0...v8.0.0)
---
updated-dependencies:
- dependency-name: python-gitlab
dependency-version: 8.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump cryptography from 46.0.3 to 46.0.4 (#14190)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.4)
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update docker/login-action action from v3.6.0 to v3.7.0 (.github/workflows/release-x-manual-tag-as-latest.yml) (#14194)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update valkey Docker tag from 0.15.2 to v0.15.3 (helm/defectdojo/Chart.yaml) (#14193)
* Update valkey Docker tag from 0.15.2 to v0.15.3 (helm/defectdojo/Chart.yaml)
* update Helm documentation
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* chore(deps): bump django-polymorphic from 4.8.0 to 4.10.5 (#14088)
* chore(deps): bump django-polymorphic from 4.8.0 to 4.9.0
* Update requirements.txt
* Update requirements.txt
* update
* Update django-polymorphic version to 4.10.5
* Rename migration file for clarity
---------
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Fix: Suppress expected JIRA validation alerts when pushing (Fixes #12988) (#13974)
* Fix: Suppress expected JIRA validation alerts when auto-pushing
Fixes #12988
When 'Push all issues' is enabled at the engagement level, DefectDojo
attempts to automatically push all findings to JIRA during import/reimport.
This causes alerts to be created for every finding that cannot be pushed
due to expected validation failures (e.g., not verified, not active, below
minimum threshold).
These alerts flood the Alerts UI with noise since these are expected
conditions, not actual errors. The fix distinguishes between:
- Expected validation failures: Findings that aren't ready to be pushed
(not verified/active, below threshold, etc.) - these are logged but don't
create alerts
- Unexpected errors: Configuration issues, connection problems, etc. -
these still create alerts as they indicate real problems
This ensures users only see alerts for actual problems while still logging
expected validation failures for debugging purposes.
* fix
* Update dojo/jira_link/helper.py
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
---------
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Update python:3.13.11-alpine3.22 Docker digest from 3.13.11 to v (Dockerfile.nginx-alpine) (#14211)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#14210)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency @thulite/doks-core from 1.8.3 to v1.8.4 (docs/package.json) (#14207)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* :lipstick: Typo in release 2.52 (#14204)
* Update actions/cache action from v5.0.2 to v5.0.3 (.github/workflows/validate_docs_build.yml) (#14202)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency kubernetes/minikube from v1.37.0 to v1.38.0 (.github/workflows/k8s-tests.yml) (#14199)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* remove duplicated openreports parser doc (#14206)
* Include Trufflehog verified secret info in report (#14192)
* Include Trufflehog verified secret info in report
* Revert title change
* Pass verified flag to Finding object
* Revert description change
* chore(deps): bump jquery-ui from 1.14.1 to 1.14.2 in /components (#14201)
Bumps [jquery-ui](https://github.com/jquery/jquery-ui) from 1.14.1 to 1.14.2.
- [Release notes](https://github.com/jquery/jquery-ui/releases)
- [Commits](https://github.com/jquery/jquery-ui/compare/1.14.1...1.14.2)
---
updated-dependencies:
- dependency-name: jquery-ui
dependency-version: 1.14.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* don't (over)write status on comment event (#14208)
* Fix email template rendering for product_type_added notification
* fix: fix rendering error in product_type_added email template
* [docs] 2026 overhaul (#14157)
* update changelog headings
* add nav highlight to header
* init /get_started/
* add new top menu entries
* move everything to a new directory
* redesign header
* dynamic colored logo
* correct spacing
* make a new menu
* move all article content
* mv remaining articles
* make better search button
* even better search button
* update sectionNav and reorder articles
* add glossary
* add glossary text
* add initial version switcher
* adjust css
adjust css
make CSS nicer: color and top border
remove flicker again
* add version metadata to get_started articles
* update walk partial to check single articles
* finish get started content
* finish setting up import content
* in progress - set up defectdojo structure
* Create new docs for Metrics
* fix &or remove all links
* fix typo
---------
Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: dangoelz <dangoelz@gmail.com>
* locations: everything else (#14198)
* locations: everything else
* remove unnecessary todos
* use proper field for location equal comparison
* for pro proposition banner, use location count if v3 enabled
* jira link updates
* update view_finding, view_test templates and display_tags to look at import_settings locations
* urls as unique
* url uniqueness hash generation
* rework url cleaning
* update editing a product url to get/create
* update or create url on form
* fix edit/add endpoint views
* update comment in settings re: endpoints as a hash code field
* default skip_validation on basemodelwithouttimedelts#save to "not v3 enabled"
* perf test updates
* Apply suggestion from @Maffooch
* Update fixtures for dev branch to be happy
* docs - quick patch (#14226)
* fix broken header link
* add release notes button
* fetch latest in button
* fix version select offset
* fix xss vuln: escape HTML
* Update versions in application files
* Update versions in application files
* Update versions in application files
* chore(deps): bump pyjwt from 2.10.1 to 2.11.0 (#14224)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0)
---
updated-dependencies:
- dependency-name: pyjwt
dependency-version: 2.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#14223)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update dependency renovatebot/renovate from 42.92.5 to v43 (.github/workflows/renovate.yaml) (#14222)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* feat(helm): Valkey: use dedicated service account (#14217)
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
* refactor dojo async task base task
The custom decorators that we have on Celery tasks interfere with some
(advanced) celery functionality like signatures. This PR refactors this
to have a clean base task that passes on context, but does not interfere
with celery mechanisms.
The logic to decide whether or not the task is to be called
asynchronously is now in a dispatch method.
* Fix AttributeError in celery task dispatch
- Use class reference instead of self for task dispatch
(self.method returns bound method without .si() attribute)
- Update location_manager.py to use dojo_dispatch_task
instead of @dojo_async_task decorator
- Convert task methods to static-like functions (no self parameter)
* Fix remaining dojo_dispatch_task call sites
- Avoid passing manager/task attributes via instance
(use class task objects to ensure .si() is available)
- Stop dispatching non-task jira_helper.push_to_jira through dojo_dispatch_task;
call it directly and let it dispatch the underlying celery tasks
* [docs] indexing improvements (#14229)
* update robots.txt for indexing
* add audience content to algolia indexing
* add cache refresh for release notes version
* chore(deps): bump django from 5.2.9 to 5.2.11 (#14236)
Bumps [django](https://github.com/django/django) from 5.2.9 to 5.2.11.
- [Commits](https://github.com/django/django/compare/5.2.9...5.2.11)
---
updated-dependencies:
- dependency-name: django
dependency-version: 5.2.11
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update views.py (#14243)
* Set last reviewed date and reviewer when note is added (#14209)
* Set last reviewed date and reviewer for finding
Update finding's last reviewed date and reviewer to maintain parity with UI behaviors
* Apply suggestion from @Maffooch
* Set last reviewed date and author for finding
Update finding with last reviewed date and author.
* Apply suggestions from code review
* Apply suggestion from @Maffooch
---------
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
* Fix finding counts showing as 1 due to subquery ordering bug (#14242)
Hardened build_count_subquery to explicitly clear ordering and order by
group_field before slicing. This prevents Django from adding implicit
ORDER BY <pk> which causes GROUP BY to collapse counts to 1.
Also updated prefetch_for_product_type to use the hardened helper instead
of a local Subquery with the same vulnerability.
Added unit tests to verify the fixes work correctly.
Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>
* Update versions in application files
* Update versions in application files
* Update versions in application files
* chore(deps): bump datatables.net from 2.3.6 to 2.3.7 in /components (#14214)
Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 2.3.6 to 2.3.7.
- [Release notes](https://github.com/DataTables/Dist-DataTables/releases)
- [Commits](https://github.com/DataTables/Dist-DataTables/compare/2.3.6...2.3.7)
---
updated-dependencies:
- dependency-name: datatables.net
dependency-version: 2.3.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update python:3.13.11-slim-trixie docker digest from 3.13.11 to v (dockerfile.integration-tests-debian) (#14233)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Fix risk acceptance API to link to engagement and add validations
Fixes #12644
This commit addresses several issues with the risk acceptance API:
1. Risk acceptances created via API now appear in engagement panel
- Added engagement.risk_acceptance.add(instance) in create() method
- Fixes the main bug where API-created risk acceptances were orphaned
2. Added validation for enable_full_risk_acceptance product setting
- API now respects the product-level setting before creating instances
- Validates in validate() method to fail early
3. Added protection against engagement switching
- Prevents moving risk acceptances between engagements via PATCH/PUT
- Validates even when risk acceptance has no findings (edge case)
4. Performance improvement
- Use self.instance.accepted_findings.all() instead of filtering
5. Comprehensive API tests
- Added test_risk_acceptance_api.py with 7 test cases
- Covers all edge cases and validation scenarios
- All tests passing
Changes:
- dojo/api_v2/serializers.py: Enhanced RiskAcceptanceSerializer
- unittests/test_risk_acceptance_api.py: New comprehensive test suite
* fix permission check
* prevent orphaned RAs getting findings but no eng
* Merge pull request #14237 from paulOsinski/changelog-feb-3
[docs] pro changelog - 2.55.0
* chore(deps): update python docker tag from 3.13.11 to v3.13.12 (dockerfile.nginx-alpine) (#14245)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update valkey/valkey:7.2.11-alpine docker digest from 7.2.11 to v (docker-compose.yml) (#14252)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Fix engagement retrieval in ImportScanView and ReImportScanView to use product reference
* Update dockerfiles to ensure underlying OS is always running the latest packages
* Add unit tests
* Add noqa comment to toggle_system_setting_boolean decorator in JIRAImportAndPushTestApi
* [docs] replace old risk acceptance article and add calendar (#14244)
* Replace old risk acceptance article and add calendar
* revert thulite changes and block renovate
* resize images
* update lock file
* change article directories
* content changes
* update lock file again
---------
Co-authored-by: Paul Osinski <posinski34@gmail.com>
Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>
* Add test to ensure duplicate findings are deleted in the proper order (#14256)
* added testing to ensure duplicate findings are deleted in the correct order
* fix ruff issues
* Update unittests/test_duplication_loops.py
---------
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Fix test name filter to use test__title instead of test__name (#14253)
The Test model uses 'title' field, not 'name'. This fixes the 500 error
when filtering findings by Test name with Filter String Matching
Optimization enabled.
Fixes #14160
Co-authored-by: Cursor <cursoragent@cursor.com>
* Expose `has_any_jira_issue` filter for findings (#12670) (#14266)
The `has_jira_issue` filter only checks if the finding itself has a JIRA
issue. For findings in a group where the group has a JIRA issue, this
filter doesn't match. A `FindingHasJIRAFilter` that checks both already
existed but was never wired up to be visible in the UI or API.
Rename it to `has_any_jira_issue`, add help text, and include it in
`get_finding_filterset_fields()` so it appears in the finding filters
when both JIRA and finding groups are enabled.
Closes #12670
* Add finding group support to jira_status_reconciliation command (#14267)
* Add finding group support to jira_status_reconciliation command
The jira_status_reconciliation management command only processed
individual findings with direct JIRA issues. Finding groups that
were pushed to JIRA as groups were completely skipped because their
JIRA issue is attached to the Finding_Group model, not to individual
findings.
This adds a second processing loop for Finding_Group objects with
JIRA issues, supporting all three modes (reconcile, push_status_to_jira,
import_status_from_jira). The group's aggregate status is derived from
its member findings. To avoid pushing the same JIRA issue twice, we use
push_status_to_jira directly on the group object (not
push_finding_group_to_jira which would also push individual finding
JIRA issues already handled by the existing loop).
Also adds --include-findings/--no-include-findings and
--include-finding-groups/--no-include-finding-groups flags so users
can control which types are processed.
Closes #14031
* add upgrade notes
* Jira keep findings in sync: Expand to import/reimport and API (#14262)
* Enhance JIRA synchronization logic in importers and serializers
- Updated push_to_jira conditions to include sync behavior based on JIRA instance settings.
- Refactored JIRA push logic to check for sync status in FindingSerializer and DefaultImporter.
- Improved handling of JIRA instance retrieval and sync checks in DefaultReImporter and BaseImporter.
- Added support for prefetched JIRA instance in is_keep_in_sync_with_jira function.
* Refactor JIRA sync flag to use 'finding_jira_sync' for consistency in importers and reimporters
* Refactor is_keep_in_sync_with_jira function to use a generic object parameter for improved flexibility
* Refactor is_keep_in_sync_with_jira function to improve JIRA issue detection and sync logic
* Add tests
* bulk edit: push groups to JIRA when sync is enabled (#14265)
---------
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
* Update versions in application files
* Update versions in application files
* chore(deps): bump ruff from 0.14.14 to 0.15.0 (#14238)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.14 to 0.15.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.14.14...0.15.0)
---
updated-dependencies:
- dependency-name: ruff
dependency-version: 0.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update python:3.13.12-alpine3.22 docker digest from 3.13.12 to v (dockerfile.nginx-alpine) (#14263)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): update python:3.13.12-slim-trixie docker digest from 3.13.12 to v (dockerfile.integration-tests-debian) (#14264)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump setuptools from 80.10.2 to 82.0.0 (#14272)
Bumps [setuptools](https://github.com/pypa/setuptools) from 80.10.2 to 82.0.0.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/setuptools/compare/v80.10.2...v82.0.0)
---
updated-dependencies:
- dependency-name: setuptools
dependency-version: 82.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update dependency renovatebot/renovate from 43.2.4 to v43.5.6 (.github/workflows/renovate.yaml) (#14268)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump django-polymorphic from 4.10.5 to 4.11.0 (#14258)
Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.10.5 to 4.11.0.
- [Release notes](https://github.com/jazzband/django-polymorphic/releases)
- [Commits](https://github.com/jazzband/django-polymorphic/compare/v4.10.5...v4.11.0)
---
updated-dependencies:
- dependency-name: django-polymorphic
dependency-version: 4.11.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump markdown from 3.10.1 to 3.10.2 (#14289)
Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.10.1 to 3.10.2.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](https://github.com/Python-Markdown/markdown/compare/3.10.1...3.10.2)
---
updated-dependencies:
- dependency-name: markdown
dependency-version: 3.10.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump redis from 7.1.0 to 7.1.1 (#14290)
Bumps [redis](https://github.com/redis/redis-py) from 7.1.0 to 7.1.1.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](https://github.com/redis/redis-py/compare/v7.1.0...v7.1.1)
---
updated-dependencies:
- dependency-name: redis
dependency-version: 7.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump social-auth-core from 4.8.3 to 4.8.5 (#14291)
Bumps [social-auth-core](https://github.com/python-social-auth/social-core) from 4.8.3 to 4.8.5.
- [Release notes](https://github.com/python-social-auth/social-core/releases)
- [Changelog](https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python-social-auth/social-core/compare/4.8.3...4.8.5)
---
updated-dependencies:
- dependency-name: social-auth-core
dependency-version: 4.8.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update dependency node from 24.13.0 to v24.13.1 (.github/workflows/validate_docs_build.yml) (#14294)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update docker/build-push-action action from v6.18.0 to v6.19.2 (.github/workflows/release-x-manual-docker-containers.yml) (#14299)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump django-dbbackup from 5.1.2 to 5.2.0 (#14298)
Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.2 to 5.2.0.
- [Release notes](https://github.com/Archmonger/django-dbbackup/releases)
- [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.1.2...5.2.0)
---
updated-dependencies:
- dependency-name: django-dbbackup
dependency-version: 5.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update dependency kubernetes from 1.32.11 to v1.32.12 (.github/workflows/k8s-tests.yml) (#14303)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update valkey Docker tag from 0.15.3 to v0.15.4 (helm/defectdojo/Chart.yaml) (#14304)
* Update valkey Docker tag from 0.15.3 to v0.15.4 (helm/defectdojo/Chart.yaml)
* update Helm documentation
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* chore(deps): bump vulners from 3.1.5 to 3.1.6 (#14306)
Bumps vulners from 3.1.5 to 3.1.6.
---
updated-dependencies:
- dependency-name: vulners
dependency-version: 3.1.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update dependency kubernetes/kubernetes from v1.35.0 to v1.35.1 (.github/workflows/k8s-tests.yml) (#14310)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump cryptography from 46.0.4 to 46.0.5 (#14297)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.4 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.4...46.0.5)
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update postgres docker tag from 18.1 to v18.2 (docker-compose.yml) (#14311)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* chore(deps): bump ruff from 0.15.0 to 0.15.1
* remove extra files
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ross E Esposito <ross@defectdojo.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Co-authored-by: DefectDojo release bot <dojo-release-bot@users.noreply.github.com>
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com>
Co-authored-by: Greg Anderson <greg.anderson@owasp.org>
Co-authored-by: Jino Tesauro <53376807+Jino-T@users.noreply.github.com>
Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: Carl Anthon Wellsjö <58119759+anthonwellsjo@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: kiblik <5609770+kiblik@users.noreply.github.com>
Co-authored-by: Filipe Pina <636320+fopina@users.noreply.github.com>
Co-authored-by: James Golovich <james@gnuinter.net>
Co-authored-by: Oscar Martinez <Oscar.Martinez@visionarytechservices.com>
Co-authored-by: dangoelz <dangoelz@gmail.com>
Co-authored-by: dogboat <dogboat@users.noreply.github.com>
Co-authored-by: Matt Tesauro <mtesauro@gmail.com>
Co-authored-by: Paul Osinski <posinski34@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
The Valkey chart does not enforce the existence of a dedicated service account, but it is a good idea to have one because it is a best practice.
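The description above states the reason for a dedicated service account but gives no way to verify a deployed release actually has one. The script below is an added example, not DefectDojo's or the Valkey chart's own code. It walks the JSON list that `kubectl get serviceaccount,deployment,statefulset -o json` emits and reports every workload that runs as the namespace `default` ServiceAccount, references a ServiceAccount that is not defined in that namespace, or still automounts an API token. The token check goes beyond this PR's change: a cache such as Valkey never needs to talk to the API server, so the token is pure attack surface. The sample objects, the `dojo` namespace and the workload names are constructed for illustration.

```python
"""Audit Kubernetes workloads for a dedicated, existing ServiceAccount.

Added example (not DefectDojo or Valkey chart code). Input is the List form
that `kubectl get serviceaccount,deployment,statefulset -o json` produces.
"""
import json
import sys

WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob"}


def _pod_spec(obj):
    """Return the pod spec of a workload (CronJob nests it one level deeper)."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})


def audit_service_accounts(manifest_list):
    """Return (namespace, kind, name, problem) tuples for every weak workload."""
    items = manifest_list.get("items", [])
    # Index ServiceAccount objects by (namespace, name) so we can check existence
    # and whether the account itself opts out of token automounting.
    accounts = {}
    for obj in items:
        if obj.get("kind") == "ServiceAccount":
            meta = obj["metadata"]
            accounts[(meta.get("namespace", "default"), meta["name"])] = obj
    findings = []
    for obj in items:
        kind = obj.get("kind")
        if kind not in WORKLOAD_KINDS:
            continue
        meta = obj["metadata"]
        ns, name = meta.get("namespace", "default"), meta["name"]
        pod = _pod_spec(obj)
        # An unset serviceAccountName means the pod runs as the namespace default.
        sa_name = pod.get("serviceAccountName") or "default"
        account = accounts.get((ns, sa_name))
        if sa_name == "default":
            findings.append((ns, kind, name, "runs as the namespace default ServiceAccount"))
        elif account is None:
            findings.append((ns, kind, name,
                             f"ServiceAccount '{sa_name}' is not defined in namespace '{ns}'"))
        # The token is mounted unless the pod, or failing that the account, says false.
        pod_flag = pod.get("automountServiceAccountToken")
        sa_flag = account.get("automountServiceAccountToken") if account else None
        mounted = pod_flag if pod_flag is not None else (sa_flag if sa_flag is not None else True)
        if mounted:
            findings.append((ns, kind, name,
                             "API token is automounted; set automountServiceAccountToken: false "
                             "unless the workload talks to the API server"))
    return findings


def sample_manifest():
    """Constructed sample (assumed namespace and names, not a real cluster)."""
    return {
        "kind": "List",
        "items": [
            {"kind": "ServiceAccount",
             "metadata": {"name": "cache-valkey", "namespace": "dojo"},
             "automountServiceAccountToken": False},
            {"kind": "StatefulSet",                       # good: dedicated SA, no token
             "metadata": {"name": "cache-valkey", "namespace": "dojo"},
             "spec": {"template": {"spec": {
                 "serviceAccountName": "cache-valkey",
                 "containers": [{"name": "valkey", "image": "valkey/valkey:7.2.11-alpine"}]}}}},
            {"kind": "Deployment",                        # bad: default SA, token mounted
             "metadata": {"name": "legacy-cache", "namespace": "dojo"},
             "spec": {"template": {"spec": {
                 "containers": [{"name": "valkey", "image": "valkey/valkey:7.2.11-alpine"}]}}}},
            {"kind": "Deployment",                        # bad: SA referenced but never created
             "metadata": {"name": "broker", "namespace": "dojo"},
             "spec": {"template": {"spec": {
                 "serviceAccountName": "broker",
                 "automountServiceAccountToken": False,
                 "containers": [{"name": "broker", "image": "example/broker"}]}}}},
        ],
    }


if __name__ == "__main__":
    data = sample_manifest() if sys.stdin.isatty() else json.load(sys.stdin)
    problems = audit_service_accounts(data)
    for ns, kind, name, problem in problems:
        print(f"{ns}/{kind}/{name}: {problem}")
    sys.exit(1 if problems else 0)
```

Against a live release run `kubectl get serviceaccount,deployment,statefulset -n <namespace> -o json | python3 audit_sa.py`; a non-zero exit makes it usable as a gate in a deployment pipeline. With no piped input the script audits the constructed sample, which reports two problems for `legacy-cache` and one for `broker` and nothing for the Valkey StatefulSet.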